SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSscms Siteserver Cms
APPSscms< 5.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Powiązane podatności
CVE-2022-44298CRITICAL9.8ten sam produkt
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.
CVE-2022-44297CRITICAL9.8ten sam produkt
SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
CVE-2022-28118CRITICAL9.8ten sam produkt
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
CVE-2025-45529HIGH7.1ten sam produkt
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to ...
CVE-2021-42655HIGH8.8ten sam produkt
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.